Microsoft defends Windows Hello security despite flaws being found

Don’t say goodbye to Hello

Shares

Microsoft has been forced to defend its Windows Hello software following the publication of a worrying security vulnerability that allows people to trick your webcam into unlocking your Windows 10 PC using little more than a printed photo.

As we reported when the news broke last week, PCs running versions of Windows 10 older than the recently-released Fall Creators Update and that use Windows Hello to unlock the machine using a webcam, can be easily caught out by a simple laser-printed photon taken with a near IR (infrared) camera.

Since then, Microsoft appears to have gone on the defensive, and has published a blog post that extols the virtues of using Windows Hello, rather than a password, to unlock your PC.

Hello, is it me you’re looking for?

Microsoft’s blog post quotes Bret Arsenault, Microsoft’s corporate vice president and chief information security officer as saying “[the password] model needs a makeover. Securing devices is important, but it’s not enough. We should also be focused on securing individuals. We can enhance your experience and security by letting you become the password.”

The blog post also goes into detail about the technology used by Windows Hello, with Rob Lefferts, director of program management for Windows Enterprise and Security, explaining that “It’s actually building a 3D map of your face. It has depth and characteristics, and we use multi-spectrum analysis so we’re getting multiple images of your face from different perspectives.”

If this isn’t enough to convince you that Windows Hello is secure, remember that the security issue from last week involved older versions of Windows 10 , so if your operating system is updated, and Windows Hello properly set up, your device should be more secure.

It’s also worth reading the whole blog, as it goes into a lot of depth about the security technology behind Windows 10.

However, on Microsoft’s behalf, it needs to do a lot more to ensure that embarrassing security lapses don’t happen again, especially as it claims that around 70% of Windows 10 users with biometric-enabled features (such as fingerprint readers or specialised webcams), use Windows Hello rather than normal passwords.

With that number of people relying on Windows Hello to secure their devices, it is imperative that Microsoft makes the technology as secure as possible – and no amount of defensive blog posts will make up for that.